The Agent Skills Directory

[COMMAND_EXECUTION]: The skill utilizes a command-line interface named obsidian and provides an eval command which executes arbitrary JavaScript within the Obsidian application environment.
[REMOTE_CODE_EXECUTION]: The documentation includes the plugin:install command which fetches and activates code from the Obsidian community plugin registry.
[DATA_EXFILTRATION]: The skill provides tools for data transfer to external services, specifically via the publish:add command for the Obsidian Publish service and bookmarking external URLs.
[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests untrusted vault content. Ingestion points: Note content and system logs are retrieved through obsidian read, obsidian search, and obsidian dev:console. Boundary markers: No delimiters or instructions are used to distinguish between note content and agent directives. Capability inventory: The skill possesses the ability to delete files, execute code via eval, and install third-party plugins. Sanitization: There is no evidence of input validation or sanitization before data from the vault is processed by the agent.

obsidian-cli